Why not simply add a new field 'PasswordCreator' to your table and
modify your trigger:

CREATE TRIGGER protect_my_table FOR my_table
ACTIVE BEFORE UPDATE POSITION 1
AS
BEGIN
IF ((OLD.PasswordCreator = CURRENT_USER) OR
(CURRENT_USER = 'SYSDBA')) AND
(NEW.passwd IS NULL) THEN BEGIN
END ELSE IF (OLD.passwd IS NOT NULL) THEN BEGIN
EXCEPT protection_exception;
END
END

I added SYSDBA because I think (s)he should be allowed to do anything
(s)he pleases. I haven't checked the syntax.

HTH,
Set

--- In firebird-support@yahoogroups.com, "yuraukar" wrote:
> I am trying to password-lock a row in a table. The purpose is as
> follows:
> A user should be able to lock an individual row in a table from
> modification (no, this has nothing to do with concurrency).
> Any attempt to modify data in that row should then be rejected.
>
> The easy solution is to have a column that stores the password
> (could be encrypted, but for testing it's clear text). If the column
> is NULL, any changes are accepted, otherwise they are rejected
> through a trigger
>
> CREATE TRIGGER protect_my_table FOR my_table
> ACTIVE BEFORE UPDATE POSITION 1
> AS
> BEGIN
> IF (OLD.passwd IS NOT NULL) THEN BEGIN
> EXCEPT protection_exception;
> END
> END
>
> This however also locks the user from removing the password to
> unlock the row later on. I was thinking about a stored procedure
> that - given the password and row ID - would remove the password,
> but came to no working AND secure solution.
>
> Any help or ideas from the group?